SharePoint Online: Find All Lists with Unique Permissions using PowerShell

Requirement: Get All Lists and Libraries with Unique Permissions using PowerShell

How to Check if a list is using Unique permissions or inheriting permissions from the parent?
To check whether a list or library has unique permissions, follow these steps:
  • Navigate to the list and then go to List or Library Settings.
  • On the List Settings page, click the "Permissions for this List/Document library" link.
  • The permissions page tells you whether the list has unique permissions. If the list or library has unique permissions, you'll get the text "This list/library has unique permissions", otherwise "This list/library inherits permissions from its parent."

Check If the List or Library has Unique Permissions using PowerShell: 
Let's check whether the given list has unique permissions:
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#To call a non-generic method Load
Function Invoke-LoadMethod() {
   param([Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),[string]$PropertyName) 
   $ctx = $Object.Context
   $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
   $type = $Object.GetType()
   $clientLoad = $load.MakeGenericMethod($type)  
   $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
   $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
   $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
   $ExpressionArray.SetValue($Expression, 0)
   $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}

#Define Parameter values
$SiteURL="https://crescent.sharepoint.com"
$ListName="Projects"

#Setup Credentials to connect
$Cred= Get-Credential
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $Credentials
        
#Get the List
$List = $Ctx.Web.Lists.GetByTitle($ListName)
$Ctx.Load($List)
$Ctx.ExecuteQuery()

#Check if list has unique permissions
Invoke-LoadMethod -Object $list -PropertyName "HasUniqueRoleAssignments"
$Ctx.ExecuteQuery()

Write-Host "List has Unique Permissions?:" $List.HasUniqueRoleAssignments

Find All Lists and Libraries with Unique Permissions in a SharePoint Online Site:
Let's modify the script a bit to get all lists and libraries with unique permissions from a SharePoint Online site.
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#To call a non-generic method Load
Function Invoke-LoadMethod() {
   param([Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),[string]$PropertyName) 
   $ctx = $Object.Context
   $load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load") 
   $type = $Object.GetType()
   $clientLoad = $load.MakeGenericMethod($type)  
   $Parameter = [System.Linq.Expressions.Expression]::Parameter(($type), $type.Name)
   $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
   $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
   $ExpressionArray.SetValue($Expression, 0)
   $clientLoad.Invoke($ctx,@($Object,$ExpressionArray))
}

#Define Parameter values
$SiteURL="https://crescent.sharepoint.com"

Try {
    #Setup Credentials to connect
    $Cred= Get-Credential
    $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = $Credentials
        
    #Get All Lists of the web
    $ListCollection = $Ctx.Web.Lists
    $Ctx.Load($ListCollection)
    $Ctx.ExecuteQuery()

    #Iterate through each list - Ignore Hidden Lists
    ForEach($List in $ListCollection | Where {$_.Hidden -eq $False})
    {
        #Check if list has unique permissions
        Invoke-LoadMethod -Object $list -PropertyName "HasUniqueRoleAssignments"
        $Ctx.ExecuteQuery()
        If($List.HasUniqueRoleAssignments -eq $true)
        {
            Write-Host -f Green "List '$($List.Title)' has Unique Permissions"
        }
        else
        {
            Write-Host -f Yellow "List '$($List.Title)' is inheriting Permissions from the Parent"
        }
    }
}
Catch {
    write-host -f Red "Error Checking Unique Permissions!" $_.Exception.Message
}

PnP PowerShell: Get All Lists and Libraries with Unique Permission
This time, let's get all lists and libraries with unique permissions from a SharePoint Online site collection.
#Function to Get Lists and Libraries with Unique Permission from a Site collection
Function Get-UniquePermissionLists($SiteURL)
{
    #Connect to SharePoint Online Site from PnP Online
    Connect-PnPOnline -Url $SiteURL -UseWebLogin
    $Web = Get-PnPWeb

    #Function to Get Lists with Unique Permissions from the web
    Function Get-PnPUniquePermissionLists([Microsoft.SharePoint.Client.Web]$Web)
    {
        Write-host "Searching Lists and Libraries with Unique Permissions at:"$Web.Url -f Yellow
        #Get All Lists from the web
        $Lists = Get-PnPList -Web $Web -Includes HasUniqueRoleAssignments
    
        #Exclude system lists
        $ExcludedLists = @("Content and Structure Reports","Form Templates","Images","Pages","Preservation Hold Library", "Site Pages", "Site Assets",
                             "Site Collection Documents", "Site Collection Images","Style Library","Reusable Content","Workflow History","Workflow Tasks")
              
        #Iterate through lists
        ForEach($List in $Lists)
        {
            #Filter Lists - Exclude System Lists, hiddenlists and get only lists with unique permissions
            If($List.Hidden -eq $False -and $ExcludedLists -notcontains $List.Title -and $List.HasUniqueRoleAssignments)
            {
                Write-host "`tFound a List '$($List.Title)' with Unique Permission at '$($List.RootFolder.ServerRelativeUrl)'" -f Green
            }
        }
    }
    #Call the function for Root Web
    Get-PnPUniquePermissionLists($Web)

    #Call the function for all subsites
    Get-PnPSubWebs -Recurse | ForEach-Object {
        Get-PnPUniquePermissionLists($_)
    }
 }

#Call the function
Get-UniquePermissionLists "https://crescent.sharepoint.com/Sites/Papers"
These scripts get you all lists and libraries with unique permissions. To delete unique permissions from SharePoint Online using PowerShell, use: SharePoint Online: Remove Unique Permissions from List using PowerShell
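
For a permissions audit, knowing that a list has broken inheritance is only the first half; the next question is who holds access on it. The following is an added example (not part of the original post) that goes one step beyond the scripts above and exports each unique-permission list together with its role assignments. The function name Get-UniquePermissionReport and the CSV path are assumptions, and the script expects a connection made with Connect-PnPOnline as shown earlier.

```powershell
#Assumes an existing connection, e.g. Connect-PnPOnline -Url $SiteURL -UseWebLogin
#Get-UniquePermissionReport is a hypothetical helper name used for this example
Function Get-UniquePermissionReport
{
    #Get visible lists of the current web that have broken permission inheritance
    $Lists = Get-PnPList -Includes HasUniqueRoleAssignments |
                Where-Object { -not $_.Hidden -and $_.HasUniqueRoleAssignments }

    ForEach($List in $Lists)
    {
        #Load the role assignments held directly on the list
        Get-PnPProperty -ClientObject $List -Property RoleAssignments | Out-Null

        ForEach($RoleAssignment in $List.RoleAssignments)
        {
            #Load the principal and the permission levels granted to it
            Get-PnPProperty -ClientObject $RoleAssignment -Property Member, RoleDefinitionBindings | Out-Null

            #"Limited Access" is granted automatically when something below is shared - skip it
            $Levels = $RoleAssignment.RoleDefinitionBindings |
                        Where-Object { $_.Name -ne "Limited Access" } |
                        Select-Object -ExpandProperty Name
            If(-not $Levels) { Continue }

            #Emit one row per principal so the output can be filtered or exported
            [PSCustomObject]@{
                List          = $List.Title
                Url           = $List.RootFolder.ServerRelativeUrl
                Principal     = $RoleAssignment.Member.Title
                PrincipalType = $RoleAssignment.Member.PrincipalType
                LoginName     = $RoleAssignment.Member.LoginName
                Permissions   = $Levels -join "; "
            }
        }
    }
}

#Export the report - the file path is an example value
Get-UniquePermissionReport | Export-Csv -Path ".\UniquePermissionLists.csv" -NoTypeInformation
```

Rows whose PrincipalType is User rather than SharePointGroup or SecurityGroup are usually the ones worth reviewing first, since direct grants bypass group-based access management.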
